Secure Ajax Layer

In an effort to provide a safe and secure environment for Rich Internet Application
development, with minimal fuss, we have developed the Secure Ajax Layer library.
This library uses the latest encryption methods such as AES and RSA to keep your
communications private, and keep your Ajax application servers secure from hacking
attempts. It does this with a protocol that ensures encryption keys and program
code are delivered to the web client without exposing shared secrets and protecting the keys and
code from modification and from prying eyes.

It does this WITHOUT the need for SSL or HTTPS, which have been under increasing
attack in recent months, and are notoriously expensive and difficult to set up.

Why do you need this?

HTTPS servers can be costly, and not all hosting providers can give it to you.

Properly generated and authenticated certificates are very costly and must be renewed regularly.

HTTPS and SSL have been under increasing attack, and there have been reports of many successful attacks! For details, see the references below.

Your browser's XMLHTTPRequestObject, the object that enables AJAX, can be compromised outside of your web application, and can funnel data to other destinations EVEN IF YOU USE SSL AND HTTPS.

Even with HTTPS, attackers can still probe your webservices for vulnerabilities. SSL proves your servers identity, not the clients.

This library by default counters these issues, and with additional safe practices, can overcome all of them.

Features:

Uses AES-256 for communications, with 128 bit RSA signatures.

Encryption keys are randomly generated per session, and can be renegotiated as needed.

Distribution of encryption keys and client-side code is performed with a proprietary process that is immune to man-in-the-middle attacks.

What it does for you:

The Secure Ajax Library is comprised of 3 PHP webservices, a JavaScript, and a PHP server template that can be used
as the model for your secure web services. These scripts together implement the Secure Ajax Layer protocol.

The Secure Ajax Layer can transmit XML, JSON, JavaScript, stylesheets, HTML documents, and plain text back and forth between the client and the server.
On web clients that implement data URLs, even images can be securely transferred.
All messages to and from the server are encrypted and signed, and properly validated messages are read and interpreted by the server, ensuring that nobody can call
your APIs without being authenticated and authorized by the Secure Ajax Layer. Additionally, only properly encrypted and signed messages are interpreted by the client,
protecting your client from data, pages, and scripts being modified in transit.

Using our Safe Programming Practices, we can ensure that your web application can be made at least as secure as HTTPS, with much less cost and fuss, and
used in conjunction with HTTPS pages, your web application can be made much more secure than HTTPS alone.

There is a free PHP version of SecureAjax, as well as a commercial version that exists as a compiled PHP extension. The free version is hosted here at GitHub,
which we will try to support via email as best we can. If you are interested in licensing commercial version of the Secure Ajax Layer libaray, please send us an email and we would be glad to help!